openapi: "3.1.0" info: title: "RBA Scoring WS Client" description: "API for RBA scoring and notification operations" version: "25R1.1" paths: /: put: tags: - "scoring" operationId: "/" summary: "Send a RBA scoring request or notification." description: | This operation allows to either create a new RBA scoring request (initiated by the Hub) or notify the authentication result. Depending on the use case (scoring request or notification), - endpoints are different (both are configured); - requests and responses bodies are different. parameters: - name: "Authorization" in: "header" description: "OAuth2 Authorization." schema: type: "string" requestBody: required: true content: application/vnd.external.rba.v1+json; charset=UTF-8: schema: $ref: '#/components/schemas/RequestBody' responses: "200": description: "OK." content: application/vnd.external.rba.v1+json; charset=UTF-8: schema: $ref: '#/components/schemas/ResponseBody' "201": description: "Created." content: application/vnd.external.rba.v1+json; charset=UTF-8: schema: $ref: '#/components/schemas/ResponseBody' "202": description: "Accepted." content: application/vnd.external.rba.v1+json; charset=UTF-8: schema: $ref: '#/components/schemas/ResponseBody' default: description: "Error." components: schemas: AddressDTO: description: "Cardholder address." type: "object" required: - "addrCity" - "addrCountry" - "addrLine1" - "addrPostCode" properties: addrCity: description: "Address city." type: "string" minLength: 1 maxLength: 50 addrCountry: description: "Address country." type: "string" minLength: 3 maxLength: 3 format: "ISO 3166-1 numerical" addrLine1: description: "Address line 1." type: "string" minLength: 1 maxLength: 50 addrLine2: description: "Address line 2." type: "string" minLength: 1 maxLength: 50 addrLine3: description: "Address line 3." type: "string" minLength: 1 maxLength: 50 addrPostCode: description: "Address postal code." type: "string" minLength: 1 maxLength: 16 addrState: description: "Address state." type: "string" minLength: 1 maxLength: 3 format: "ISO 3166-2 country subdivision code" AmountDTO: type: "object" required: - "amount" - "exponent" - "Currency" properties: amount: description: "Amount of the transaction, without exponent." type: "integer" format: "int64" examples: - 29900 exponent: description: "Exponent of the amount of the transaction." type: "integer" minimum: 0 maximum: 9 format: "int32" examples: - 2 Currency: $ref: '#/components/schemas/CurrencyDTO' AuthMeanDTO: description: "Authentication means used during the transaction." type: "object" required: - "mean" properties: mean: description: "Authentication means used by the PSU." type: "string" minLength: 1 maxLength: 50 enum: - "ACCEPT" - "ASHE" - "BANKID" - "BIOMETRIC" - "CAP_CCR" - "CAP" - "CCP_CVV" - "CHIPTAN" - "DDN_CVV" - "DDN" - "DEXP" - "EMAIL" - "EXT2FA" - "EXTLOGIN" - "EXTMOBAPP_PUSH" - "EXTMOBAPP" - "EXTOTP_OTRC" - "EXTOTP_PWD" - "EXTOTP" - "EXTOTRC" - "EXTPHONE" - "EXTPRINC" - "EXTPWD" - "EXTSMS" - "EXTTOKEN_PWD" - "FTN_OIDC" - "ICG_FALL" - "ICG_PRINC" - "ICG_TECH" - "INFO" - "ITAN" - "ITSME_SOAP" - "ITSME" - "IVR_EMAIL" - "IVR_EXT" - "IVR_PWD" - "IVR" - "LUXTRUST_REDIR" - "LUXTRUST_SOAP" - "MOBILE" - "MTAN" - "MULTIFA" - "NEMID" - "NETSOPENID" - "OPENID" - "OPOPID" - "PHOTO_TAN" - "PWD" - "QRCODE" - "SMS_EMAIL" - "SMS_EXT" - "SMS_PWD" - "SMS" - "SMSORIVR" - "STD" - "T2P" - "TA_SOAP" - "TA" - "TAB" - "TOKEN_TAN" - "TOKEN" - "TRUST_FALL" - "TRUST_PRINC" - "TRUST_TECH" - "TUPAS" - "URLINTENT" - "WSAUTH" examples: - "TA" chosenMeansDevice: description: "Device chosen for the authentication. In case of SMS or IVR, value can be in plain text or hashed, depending on configuration." type: "string" maxLength: 255 examples: - "1820b59376fed03ddab5efcc5353bdc5" numAttempts: description: "Number of authentication attempts for this authentication means." type: "integer" maximum: 99 format: "int32" examples: - 0 status: description: "Status of Authentication." type: "string" enum: - "SUCCESS" - "FAILURE" examples: - "FAILURE" AuthenticationDTO: description: "Authentication result." type: "object" required: - "id" - "ElapsedTime" - "finalStatus" - "RBAdecision" properties: id: description: "Non-sequential identifier." type: "string" minLength: 36 maxLength: 36 format: "uuid" examples: - "31a1f5fc-69a2-4684-8f00-a1769d7d30cd" createdTime: description: "ISO 8601 datetime of registration of the transaction, in French locale timezone." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" examples: - "2024-07-05T11:26:17" updatedTime: description: "ISO 8601 datetime of last update of the transaction, in French locale timezone." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" examples: - "2024-07-05T11:27:34" authentMeans: description: "List of all authentication means used during the transaction." type: "array" items: allOf: - $ref: '#/components/schemas/AuthMeanDTO' - required: - chosenMeansDevice - numAttempts - status ElapsedTime: description: "Elapsed time of the authentication in milliseconds." type: "integer" format: "int64" examples: - 60338 finalStatus: description: | Final status of the transaction. Possible values are: - `Y`: SUCCESS - `N`: FAILURE - NOT AUTHENTICATED - `U`: PROBLEM - `A`: ATTEMPT - `C`: ADDITIONAL - `D`: DECOUPLED - `R`: REJECTED - `I`: INFORMATION type: "string" minLength: 1 maxLength: 1 enum: - "Y" - "N" - "U" - "A" - "C" - "D" - "R" - "I" examples: - "N" failureCause: description: | Failure cause of the transaction. In case of `USER_CANCELLATION`, HUB changes this value with `CANCEL`. Below is the list of failure causes' code and their meaning:
Click to expand | Code | Description | | --- | --- | | INVALID_REQUEST | Received request is invalid. | | BIN_NOT_FOUND | Bin range is not enrolled in the ACS. | | BIN_DEACTIVATED | Bin range is not activated in the ACS. | | CARD_NOT_FOUND | Card is not enrolled in the ACS. | | CARD_INACTIVATED | Card is not activated for 3DS. | | VE_HUB_CALL_NO_ANSWER | Authentication hub cannot be reached. | | VE_HUB_CALL_INTERNAL_ERROR | Internal error in the authentication hub. | | EXTERNAL_REFERENTIAL_CALL_ISSUE | Error on an external referential. | | VE_TECHNICAL_PROBLEM | Technical issue in the VE service. | | AUTHENTICATION_MEANS_BLACKLISTED | Every authentication means is blacklisted. | | RBA_HIGH_RISK_REFUSAL | Refusal deduced from the high risk level. | | CARD_IN_BLACK_LIST | Card is blacklisted. | | CH_IP_FILTER_FOUND | Cardholder IP address is filtered out. | | CH_IP_COUNTRY_BLACKLISTED | Cardholder IP country is back listed. | | MERCHANT_COUNTRY_BLACKLISTED | Merchant country is blacklisted. | | MERCHANT_URL_BLACKLISTED | Merchant URL is blacklisted. | | MERCHANT_ID_BLACKLISTED | Merchant ID is blacklisted. | | MERCHANT_NAME_BLACKLISTED | Merchant name is blacklisted. | | MERCHANT_DOMAIN_BLACKLISTED | Merchant domain is blacklisted. | | MERCHANT_THRESHOLD_AMOUNT_REACHED | Merchant threshold amount is reached. | | MAXIMUM_COUNTER_REACHED | Cardholder counter's threshold is reached. | | DEFAULT_REFUSAL_PROFILE | Default refusal. | | USER_CANCELLATION | User manually cancelled the transaction. | | TIMEOUT_REACHED | User spent too much time on ACS page. | | PA_HUB_CALL_NO_ANSWER | HUB cannot be reached by the PA service. | | PA_HUB_CALL_INTERNAL_ERROR | Internal technical error in the HUB. | | OTP_SENDING_ERROR | HUB could not sent the OTP. | | PA_TECHNICAL_PROBLEM | Technical issue in the PA service. | | AUTHENTICATION_WINDOW_CLOSED | Cardholder has closed the ACS page. | | PA_NEVER_RECEIVED | PA request not received. | | A_HUB_CALL_INTERNAL_ERROR | Internal technical error in the HUB. | | C_NEVER_RECEIVED | C request not received. | | CAPP_HUB_CALL_INTERNAL_ERROR | Error when called by the challenge app. | | CAPP_HUB_CALL_NO_ANSWER | HUB cannot be reached by challenge app. | | CAPP_TECHNICAL_PROBLEM | Technical issue in the challenge app. | | CARD_EXPIRED | Card has expired. | | CREQ_TIMEOUT_REACHED | 3DS Requestor didn't start the challenge. | | A_HUB_CALL_NO_ANSWER | HUB cannot be reached (Areq). | | A_TECHNICAL_PROBLEM | Technical issue. | | C_HUB_CALL_NO_ANSWER | HUB cannot be reached (Creq). | | C_TECHNICAL_PROBLEM | Technical issue in the Creq. | | EXTERNAL_WS_UNAVAILABLE | Bank's web service unavailable. | | OOB_FAILURE | OOB failed. | | C_HUB_CALL_INTERNAL_ERROR | Error in the authentication HUB (Creq). | | INVALID_RREQ_SENT_TO_DS | Invalid RReq. | | ERRO_TIMEOUT_DS | Timeout on DS. | | AUTHENTICATION_BLOCKED | Authentication is blocked. | | CARD_INVALID | Card has an invalid Luhn key. | | INVALID_CARD_NUMBER | Card has an invalid card number. | | STOLEN_CARD | Card is stolen. | | TRN_NOT_PERMITTED | Transaction not permitted to cardholder. | | RISK_FRAUD | Suspected fraud. | | SWITCH_AUTHENT | Trusted authentication - Switch method. | | INVALID_CREQ_WITHOUT_ALGO_A128GCM | Invalid Creq message. | | TLS_HANDSHAKE_FAILED | TLS mutual authentication error. |
type: "string" examples: - "CANCEL" RBAdecision: description: | RBA decision for the authentication. - `0`: SCA - `1`: Frictionless - `2`: Decline type: "integer" format: "int32" examples: - 0 dsTransId: description: "DS Transaction ID, forwarded as received from EMVCo_3DS Protocol." type: "string" minLength: 1 maxLength: 36 examples: - "318d4d11-c53f-1a0d-2b9e-7fba95ddccca" threeDSWhitelistStatus: description: | Enables the communication of trusted beneficiary/whitelist status between the ACS, the DS and the 3DS Requestor. Field forwarded as received from EMVCo_3DS Protocol. Accepted values are: - `Y`: 3DS Requestor is whitelisted by cardholder - `N`: 3DS Requestor is not whitelisted by cardholder - `E`: Not eligible as determined by issuer - `P`: Pending confirmation by cardholder - `R`: Cardholder rejected - `U`: Whitelist status unknown, unavailable type: "string" minLength: 1 maxLength: 1 enum: - "Y" - "N" - "E" - "P" - "R" - "U" threeDSWhiteListStatusSource: description: | This data element will be populated by the system setting Whitelist Status. Field forwarded as received from EMVCo_3DS Protocol. Possible values are: - `01`: 3DS Server; - `02`: DS; - `03`: ACS; - From `04` to `79`: Reserved for EMVCo future use (values invalid until defined by EMVCo); - From `80` to `99`: Reserved for DS use. type: "string" minLength: 2 maxLength: 2 merchantId: description: "Acquirer-assigned merchant identifier. Field forwarded as received from EMVCo_3DS Protocol." type: "string" minLength: 1 maxLength: 35 examples: - "1111111111" acsTransId: description: "Universally unique transaction identifier assigned by the ACS to identify a single transaction." type: "string" minLength: 36 maxLength: 36 format: "uuid" examples: - "90a60240-0755-4af8-9977-34f01c22a99d" authenticationMethod: description: | Authentication approach that the ACS used to authenticate the cardholder for this specific transaction. Check EMVCo_3DS_Spec to know if this field is optional or not, and to have the excepted format and values. Possible values are: - `01`: Static Passcode; - `02`: SMS OTP; - `03`: Key fob or EMV card reader OTP; - `04`: App OTP; - `05`: OTP Other; - `06`: KBA; - `07`: OOB Biometrics; - `08`: OOB Login; - `09`: OOB Other; - `10`: Other; - `11`: Push Confirmation; - From `12` to `79`: Reserved for future EMVCo use (values invalid until defined by EMVCo); - From `80` to `99`: Reserved for DS use. type: "string" minLength: 2 maxLength: 2 examples: - "08" challengeCancel: description: | Indicator informing the ACS and the DS that the authentication has been canceled. Check EMVCo_3DS_Spec to know if this field is optional or not, and to have the excepted format and values. Possible values are: - `01`: Cardholder selected \"Cancel\"; - `02`: Reserved for future EMVCo use (values invalid until defined by EMVCo); - `03`: Transaction Timed Out — Decoupled Authentication; - `04`: Transaction Timed Out at ACS — other timeouts; - `05`: Transaction Timed Out at ACS — First CReq not received by ACS; - `06`: Transaction Error; - `07`: Unknown; - `08`: Transaction Timed Out at SDK; - From `09` to `79`: Reserved for future EMVCo use (values invalid until defined by EMVCo); - From `80` to `99`: Reserved for future DS use. type: "string" minLength: 2 maxLength: 2 examples: - "01" transStatusReason: description: | Provides information on why the transaction status field has the specified value. Check EMVCo_3DS_Spec to know if this field is optional or not, and to have the excepted format and values. Possible values are: - `01`: Card authentication failed; - `02`: Unknown device; - `03`: Unsupported device; - `04`: Exceeds authentication frequency limit; - `05`: Expired card; - `06`: Invalid card number; - `07`: Invalid transaction; - `08`: No card record; - `09`: Security failure; - `10`: Stolen card; - `11`: Suspected fraud; - `12`: Transaction not permitted to cardholder; - `13`: Cardholder not enrolled in service; - `14`: Transaction timed out at the ACS; - `15`: Low confidence; - `16`: Medium confidence; - `17`: High confidence; - `18`: Very high confidence; - `19`: Exceeds ACS maximum challenges; - `20`: Non-payment transaction not supported; - `21`: 3RI transaction not supported; - `22`: ACS technical issue; - `23`: Decoupled authentication required by ACS but not requested by 3DS Requestor; - `24`: 3DS requestor decoupled max expiry time exceeded; - `25`: Decoupled authentication was provided insufficient time to authenticate cardholder; ACS will not make attempt; - `26`: Authentication attempted but not performed by the cardholder; - From `27` to `79`: Reserved for EMVCo future use (values invalid until defined by EMVCo); - From `80` to `99`: Reserved for DS use. type: "string" minLength: 2 maxLength: 2 examples: - "01" authenticationType: description: | Indicates the type of authentication method the issuer will use to challenge the cardholder. Check EMVCo_3DS_Spec to know if this field is optional or not, and to have the excepted format and values. Possible values are: - `01`: Static; - `02`: Dynamic; - `03`: OOB; - `04`: Decoupled; - From `05` to `79`: Reserved for EMVCo future use (values invalid until defined by EMVCo); - From `80` to `99`: Reserved for DS use. type: "string" minLength: 2 maxLength: 2 examples: - "03" interactionCounter: description: "Indicates the number of authentication cycles attempted by the cardholder. Check EMVCo_3DS_Spec to know if this field is optional or not, and to have the excepted format and values." type: "string" minLength: 2 maxLength: 2 examples: - "10" chosenDevice: description: "The identifier set for the device." type: "string" encryptedAuthenticationValue: description: "Encrypted authentication value sent by ACS in deleteSession request. Encrypted with AES GCM algorithm, using `ìv` field, and the key identified by `keyTag`." type: "string" minLength: 1 maxLength: 255 rbaReason: description: "Reason that will be populated if the corresponding configuration is present for the bank." type: "string" minLength: 1 maxLength: 50 enum: - "LOW_VALUE" - "LOW_SCORE" - "RECURRING" - "ACQ_EXEMPTION" - "SEC_CORPORATE" - "INSTALMENT" - "THREE_RI_INSTALMENT" - "THREE_RI_CARDINFO" - "THREE_RI_WHITELIST" - "THREE_RI_RECURRING" - "THREE_RI_MOTO" - "FRICTIONLESS_DECISION" - "FRICTIONLESS_MERCHANT_TOP_LEVEL" - "ACQ_EXEMPTION_TRA" - "ACQ_EXEMPTION_DATA_SHARE_ONLY" - "ACQ_EXEMPTION_SCA_ALREADY_DONE" - "FRICTIONLESS_TRUSTED_BENEF_ACS" - "FRICTIONLESS_TRUSTED_BENEF_3DSSERVER" - "FRICTIONLESS_TRUSTED_BENEF_DS" - "THREE_RI_ADD_CARD" - "THREE_RI_PAYMENT" - "LOW_RISK_MERCHANT_CB" - "THREE_RI_SPLIT_TRN" - "THREE_RI_ACCOUNT" - "DAF_MUST_APPROVE" - "DAF_ISSUER_DECISION_LOW_RISK" - "FRICTIONLESS_MAINTENANCE_MODE" - "DAF_FIDO_ASSERTION_OK " - "DAF_FIDO_ATTESTATION_OK " - "DAF_FIDO_ATTESTATION_KO " - "DAF_FIDO_ASSERTION_OBO_OK" - "DAF_FIDO_ATTESTATION_OBO_INFO" - "DAF_FIDO_ASSERTION_OBO_VTS_INFO" - "DAF_FIDO_ASSERTION_VTS_OK" - "DAF_FIDO_ASSERTION_VTS_KO" - "HIGH_VALUE" - "HIGH_SCORE" - "MID_VALUE" - "MID_SCORE" - "MAX_FRICTIONLESS" - "NO_RULES" - "RBA_FALLBACK" - "FIRST_RECURRING" - "ACQ_SCA_REQ" - "THREE_RI_DECOUPLED" - "FIRST_INSTALMENT" - "SCA_DECISION" - "SCA_MERCHANT_TOP_LEVEL" - "ID_V_SCA_REQ" - "SCA_TRUSTED_BENEF_3DSSERVER" - "SCA_TRUSTED_BENEF_DS" - "SCA_TRUSTED_BENEF_ACS" - "THREE_RI_SCA_ADD_CARD" - "DAF_ENROLMENT" - "HIGH_RISK" - "SCA_SPLIT_DELAYED_TRN" - "FIRST_SCA" - "DAF_FIDO_ENROLLMENT_AUTHORIZED" - "DAF_FIDO_ENROLLMENT_REFUSED" - "MEDIUM_RISK" - "SCA_ADD_CARD" - "RISK_FRAUD" - "BLACKLISTED" - "DECLINE_DECISION" - "DECLINE_MERCHANT_TOP_LEVEL" - "THREE_RI_DECLINE_ADD_CARD" - "THREE_RI_NOT_SUPPORTED" - "DAF_ISSUER_DECISION_HIGH_RISK" - "DAF_NOT_SUPPORTED" - "DAF_NON_VDAP" - "DAF_SUSPECTED_FRAUD" - "DECLINE_MAINTENANCE_MODE" - "DAF_STOLEN_CARD" - "PRIOR_TRN_NOT_FOUND" - "INVALID_CARD_NUMBER" - "STOLEN_CARD" - "TRN_NOT_PERMITTED" - "BIN_ATTACK_FRAUD" - "DAF_FIDO_ASSERTION_KO" - "DAF_FIDO_ASSERTION_OBO_KO" - "MC_CARD_TESTING_ATTACK" - "EXT_RBA" - "UNKNOWN" examples: - "HIGH_RISK" - "DAF_ENROLMENT" oobAppURLInd: description: "URL indicator of the authentication OOB application allowing the switch between merchant app to the bank app." type: "string" binAttackDetection: description: "BIN attack detection based on the field incriminating hint provided by the scoring platform." type: "boolean" binAttackSource: description: | BIN attack source from configuration. Slash-separated list of sources, among: - `ISSUER_SCORING`; - `EXTERNAL_SCORING`; - `ACS_AI`. type: "string" examples: - "ISSUER_SCORING/EXTERNAL_SCORING" cardStatus: description: "Indicates if the transaction was done on an unknown card or not." type: "string" enum: - "ACTIVE" - "INACTIVE" examples: - "ACTIVE" matchingAttacks: type: array description: List of matching attacks. items: $ref: '#/components/schemas/MatchingAttack' CbDataDTO: description: "CB information. Fields provided from the specifications of message extension specification published by the scheme CB." type: "object" properties: cbAction: description: "CB-ACTION" type: "string" minLength: 2 maxLength: 2 cbBankAction: description: "CB-ACTION_BANK" type: "string" minLength: 2 maxLength: 2 cbBankScore: description: "CB-SCORE_BANK" type: "integer" minimum: 0 maximum: 99 format: "int32" cbDetokenizedPAN: description: "CB-DETOKENIZEDPAN" type: "string" minLength: 13 maxLength: 19 cbDeviceIndData: description: "CB-DEVICEIND" type: object properties: acctNbOnCountryIpD2D180: type: "string" minLength: 3 maxLength: 3 acctNbOnOtherDeviceD2D180: type: "string" minLength: 3 maxLength: 3 acctNbOnSameDeviceD2D180: type: "string" minLength: 3 maxLength: 3 emailOnOtherDeviceD2D180: type: "string" minLength: 3 maxLength: 3 emailOnSameDeviceD2D180: type: "string" minLength: 3 maxLength: 3 ipOnOtherDeviceD2D180: type: "string" minLength: 3 maxLength: 3 ipOnSameDeviceD2D180: type: "string" minLength: 3 maxLength: 3 nbAcctNbOnSameDeviceD0D4: type: "string" minLength: 3 maxLength: 3 nbDaySinceFirstAcctNbOnSameDevice: type: "string" minLength: 3 maxLength: 3 nbDaySinceFirstEmailUse: type: "string" minLength: 3 maxLength: 3 nbDeviceOnSameAcctNbD2D180: type: "string" minLength: 3 maxLength: 3 nbDeviceOnSameEmailD2D180: type: "string" minLength: 3 maxLength: 3 nbDeviceOnSameIpD2D180: type: "string" minLength: 3 maxLength: 3 nbDeviceOnSamePhoneD2D180: type: "string" minLength: 3 maxLength: 3 phoneOnOtherDeviceD2D180: type: "string" minLength: 3 maxLength: 3 phoneOnSameDeviceD2D180: type: "string" minLength: 3 maxLength: 3 versionDIRs: type: "string" minLength: 3 maxLength: 5 cbExemptacq: description: "CB-EXEMPTACQ" type: "boolean" cbItemsnb: description: "CB-ITEMSNB" type: "string" minLength: 2 maxLength: 2 cbScore: description: "CB-USECASE" type: "integer" minimum: 0 maximum: 99 format: "int32" cbScoreMerchant: description: "CB-SCORE" type: "string" minLength: 1 maxLength: 20 cbUsecase: description: "CB-USECASE" type: "string" minLength: 2 maxLength: 2 ContextDTO: description: "Most of the fields transmitted on `context` object are provided from the specifications of 3DS Protocol. The same attribute names can be retrieved from EMVCo_3DS_Spec with up-to-date information regarding the expected format and values." type: "object" required: - "messageVersion" - "threeDSRequestorName" properties: acceptLanguage: description: "Value representing the browser language preference present in the HTTP header. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "array" minItems: 1 maxItems: 99 items: description: "Language, as defined in IETF BCP 47." type: "string" acctId: description: "Cardholder account identifier." type: "string" maxLength: 64 examples: - "88cb4d4c-cdd9-45c8-80d7-b39d17a037d4" acctInfo: description: "Cf. Table A.8: Cardholder Account Information from \"EMV 3-D Secure Protocol and Core Functions Specification v2.1.0\"." type: "string" format: "json" acctType: description: "Account type." type: "string" minLength: 2 maxLength: 2 acquirerCountryCode: description: "Issuers need to be aware of the acquirer country code when the acquirer country differs from the merchant country and the acquirer is in the EEA (this could mean that the transaction is covered by PSD2)." type: "string" minLength: 3 maxLength: 3 format: "ISO 3166-1 numeric" acquirerCountryCodeSource: description: "This data element is populated by the system setting the acquirer country code. The DS may edit the value provided by the 3DS server. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 2 addrMatch: description: "Indicates whether the cardholder shipping address and cardholder billing address are the same." type: "boolean" appIp: description: "External IP address (i.e., the device public IP address) used by the 3DS requestor app when it connects to the 3DS requestor environment. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 45 billingAddress: allOf: - $ref: '#/components/schemas/AddressDTO' - description: "Cardholder billing address." bridgingExtension: description: "Flag that specifies whether \"bridging extension\" functionality is enabled or not. When functionality is enabled, the request processing applies same behavior for \"control\" fields (for example fields `recurringAmount` or / and `recurringCurrency`) as if request would be processed for protocol version 2.3 or higher. Can be used for protocol versions 2.1 and 2.2." type: "boolean" examples: - true Browser: description: "Browser name." type: "string" maxLength: 100 examples: - "Chrome" browserAcceptHeader: description: "Browser Accept header." type: "string" maxLength: 2048 examples: - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" browserColorDepth: description: "Browser screen color depth." type: "string" minLength: 1 maxLength: 2 examples: - "24" browserJavaEnabled: description: "Browser Java enabled." type: "boolean" examples: - false browserJavascriptEnabled: description: "Browser JavaScript enabled." type: "boolean" examples: - true browserLanguage: description: "Browser language." type: "string" minLength: 1 maxLength: 35 examples: - "en-US" browserScreenHeight: description: "Browser screen height." type: "string" minLength: 1 maxLength: 6 examples: - "864" browserScreenWidth: description: "Browser screen width." type: "string" minLength: 1 maxLength: 6 examples: - "1536" browserTZ: description: "Browser time zone." type: "string" minLength: 1 maxLength: 5 examples: - "-330" cardType: description: "Card brand type." type: "string" enum: - "CREDIT" - "DEBIT" cbData: $ref: '#/components/schemas/CbDataDTO' createdTime: description: "Created timestamp." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss.SSS" examples: - "2021-10-14T11:20:00.128" deliveryEmailAddress: description: "For electronic delivery, the email to which the merchandise was delivered." type: "string" maxLength: 254 deliveryTimeframe: description: | Indicates the merchandise delivery timeframe. Possible values are: - `01`: Electronic Delivery; - `02`: Same day shipping; - `03`: Overnight shipping; - `04`: Two-day or more shipping. type: "string" minLength: 2 maxLength: 2 deviceChannel: description: "Device channel." type: "string" minLength: 2 maxLength: 2 examples: - "02" deviceId: description: "Browser device ID. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 64 deviceInfo: description: "Device information." type: "string" maxLength: 64000 deviceRenderOptions: description: "Device rendering options supported. Cf. table A.13: Device Rendering Options Supported from \"EMV 3-D Secure Protocol and Core Functions Specification v2.1.0\"." type: "string" format: "json" dsAuthInfVerifInd: description: "WL FIDO OBO DS authentication information verification indicator." type: "string" dsDecision: description: "DS decision." type: "string" dsIssuerDecision: description: "DS issuer decision." type: "string" dsIssuerScore: description: "DS issuer score value." type: "integer" format: "int32" dsReferenceNumber: description: "DS reference number." type: "string" maxLength: 32 dsScore: description: | DS score. Can be: - Visa score (0-99); - Mastercard score (0-950 in increments of 50); - CB score (data). type: "integer" format: "int32" dsTransID: description: "DS transaction ID." type: "string" maxLength: 36 examples: - "136cc59c-e3be-516f-4b9e-23b131c1c782" dsURL: description: "DS URL." type: "string" maxLength: 2048 emvPaymentToken: description: "EMV token message extension." type: "string" externalDecision: description: "Decision provided by the external scoring provider." type: "string" enum: - "STRONG" - "NONE" - "REFUSED" externalIssuerDecision: description: "Decision that is provided by an external scoring platform on behalf of the issuer bank (if the provider flag is set to \"EXTERNAL\")." type: "string" enum: - "STRONG" - "NONE" - "REFUSED" externalIssuerScore: description: "Score that is provided and sent back from an external scoring platform on behalf of the issuer bank." type: "integer" minimum: 0 maximum: 99 format: "int32" examples: - 0 externalScore: description: "Score provided by the external scoring provider." type: "integer" minimum: 0 maximum: 99 format: "int32" examples: - 41 ipv4: description: "IP of the transaction in version 4. `browserIP` in 3DS protocol." type: "string" minLength: 15 maxLength: 15 examples: - "160.92.190.129" ipv6: description: "IP of the transaction in version 6. `browserIP` in 3DS protocol." type: "string" minLength: 45 maxLength: 45 issuerBin: description: "IssuerBin of the payment provided for scoring." type: "string" examples: - "49123456" mcData: $ref: '#/components/schemas/McDataDTO' mcDecision: deprecated: true description: "Use `mcData.mcDecision` instead." type: "string" mcReasonCode1: deprecated: true description: "Use `mcData.mcReasonCode1` instead." type: "string" mcReasonCode2: deprecated: true description: "Use `mcData.mcReasonCode2` instead." type: "string" mcScore: deprecated: true description: "Use `mcData.mcScore` instead." type: "integer" format: "int32" mcStatus: deprecated: true description: "Use `mcData.mcStatus` instead." type: "string" merchantFraudRate: description: | Merchant fraud rate in the EEA (all EEA card fraud divided by all EEA card volumes) calculated as per PSD2 RTS. Mastercard will not calculate or validate the merchant fraud score. Possible values are: - `1` (represents fraud rate less than or equal to 1 basis point [bp], which is 0.01%); - `2` (represents fraud rate between 1 bp + - and 6 bps); - `3` (represents fraud rate between 6 bps + - and 13 bps); - `4` (represents fraud rate between 13 bps + - and 25 bps); - `5` (represents fraud rate greater than 25 bps). type: "string" maxLength: 2 merchantRiskIndicator: description: "Cf. table A.9: Merchant Risk Indicator from \"EMV 3-D Secure Protocol and Core Functions Specification v2.1.0\"." type: "string" format: "json" messageCategory: description: "Identifies the category of the message for a specific use case." type: "string" minLength: 2 maxLength: 2 examples: - "01" messageExtension: description: "Cf. table A.7: Message Extension Attributes from \"EMV 3-D Secure Protocol and Core Functions Specification v2.1.0\"." type: "string" format: "json" messageVersion: description: "Version of 3DS protocol." type: "string" minLength: 5 maxLength: 8 examples: - "2.1.0" - "1.0.2" multiTransaction: description: "Additional transaction information in case of multiple transactions or merchants. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" nbPurchaseAccount: description: "Number of purchases with this cardholder account during the previous six months." type: "string" maxLength: 4 network: description: "Network corresponding to DS." type: "string" enum: - "CB" - "MASTERCARD" - "VISA" - "MAESTRO" - "BANCONTACT" - "JCB" - "VISADEBIT" examples: - "VISA" operatingSystem: description: "OS information." type: "string" maxLength: 32 examples: - "Windows 10" passThroughRespData: description: "Complete JSON response data about the pass-through process." type: "string" passThroughVerified: description: "Status describing whether the pass-through is verified or not, based on status value." type: "boolean" payTokenInd: description: "EMV payment token indicator." type: "boolean" examples: - false payTokenInfo: description: "Information about de-tokenized payment token. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" payTokenSource: description: "EMV payment token source." type: "string" minLength: 2 maxLength: 2 paymentAccInd: description: | Indicates the length of time that the payment account was enrolled in the cardholder’s account with the 3DS Requestor. Possible values are: - `01`: No account (guest check-out); - `02`: During this transaction; - `03`: Less than 30 days; - `04`: 30−60 days; - `05`: More than 60 days type: "string" minLength: 2 maxLength: 2 preOrderPurchaseInd: description: | Indicates whether the cardholder is placing an order for merchandise with a future availability or release date. Possible values are: - `01`: Merchandise available; - `02`: Future availability; type: "string" minLength: 2 maxLength: 2 provisionAttemptsDay: description: "Number of Add Card attempts in the last 24 hours." type: "string" maxLength: 3 examples: - "2" - "02" - "002" purchaseInstalData: description: "Indicates the maximum number of authorisations permitted for instalment payments." type: "string" maxLength: 3 rcptCountry: description: "Iso country code of the recipient - PSU. It corresponds on ACS side to the country code (in alpha3 format), based on cardholder IP address." type: "string" minLength: 3 maxLength: 3 format: "ISO 3166-1 alpha-3" examples: - "FRA" - "DEU" recurringAmount: description: "Recurring amount in minor units of currency with all punctuation removed. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 48 recurringCurrency: description: "Currency in which recurring amount is expressed. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 3 recurringDate: description: "Effective date of new authorised amount following first/promotional payment in recurring transaction. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 8 recurringExpiry: description: "Recurring expiry." type: "string" minLength: 8 maxLength: 8 recurringExponent: description: "Minor units of currency as specified in the ISO 4217 currency exponent. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" minLength: 1 maxLength: 1 recurringFrequency: description: "Recurring frequency." type: "string" maxLength: 4 recurringInd: $ref: '#/components/schemas/RecurringIndicatorDTO' reorderItemsInd: description: | Indicates whether the cardholder is reordering previously purchased merchandise. Possible values are: - `01`: First time ordered; - `02`: Reordered. type: "string" minLength: 2 maxLength: 2 scaExemptions: description: | This will allow the same 3DS requestor challenge indicator values defined in v2.2 for PSD2 SCA exemptions; this field is used when an acquirer exemption or Merchant Initiated Transaction (MIT) applies or when SCA delegation was used (merchant participates in Authentication Express). Possible values are: - `05`: No challenge requested (transactional risk analysis is already performed); - `06`: No challenge requested (data share only); - `07`: No challenge requested (SCA is already performed). type: "string" minLength: 2 maxLength: 2 sdkAppID: description: "SDK app ID." type: "string" minLength: 36 maxLength: 36 sdkEncData: description: "SDK encrypted data." type: "string" maxLength: 15360 sdkEphemPubKey: description: "SDK ephemeral public key (Qc)." type: "string" maxLength: 128 sdkReferenceNumber: description: "SDK reference number." type: "string" maxLength: 32 sdkTransID: description: "SDK transaction ID." type: "string" maxLength: 36 secureCorporatePayment: description: "Indicates dedicated payment processes and procedures were used, potential secure corporate payment exemption applies. Logically, this field should only be set to `Y` (yes) if the acquirer exemption field is blank. A merchant cannot claim both acquirer exemption and secure payment. However, the DS will not validate the conditions in the extension. DS will pass data as presented." type: "string" minLength: 1 maxLength: 1 enum: - "Y" - "N" sellerInfo: description: "Additional transaction information for transactions where merchants submit transaction details on behalf of another entity, i.e. individual sellers in a marketplace or drivers in a ride share platform. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" shipAddressUsageInd: description: | Indicates when the shipping used for this transaction was first used with the 3DS Requestor. Possible values are: - `01`: This transaction; - `02`: Less than 30 days; - `03`: 30−60 days; - `04`: More than 60 days. type: "string" minLength: 2 maxLength: 2 shipIndicator: description: | Indicates shipping method chosen for the transaction. Merchants must choose the Shipping Indicator code that most accurately describes the cardholder’s specific transaction, not their general business. If one or more items are included in the sale, use the shipping indicator code for the physical goods, or if all digital goods, use the shipping indicator code that describes the most expensive item. Possible values are: - `01`: Ship to cardholder’s billing address; - `02`: Ship to another verified address on file with merchant; - `03`: Ship to address that is different than the cardholder’s billing address; - `04`: Ship to store (store address should be populated); - `05`: Digital goods (includes online services, electronic gift cards and redemption codes); - `06`: Travel and event tickets, not shipped; - `07`: Other. type: "string" minLength: 2 maxLength: 2 shipNameIndicator: description: | Indicates if the cardholder name on the account is identical to the shipping name used for this transaction. Possible values are: - `01`: Account name identical to shipping name; - `02`: Account name different than shipping name. type: "string" minLength: 2 maxLength: 2 shippingAddress: allOf: - $ref: '#/components/schemas/AddressDTO' - description: "Cardholder shipping address." suspiciousAccActivity: description: | Indicates whether the 3DS requestor has experienced suspicious activity (including previous fraud) on the cardholder account. Possible values are: - `01`: No suspicious activity has been observed; - `02`: Suspicious activity has been observed. type: "string" minLength: 2 maxLength: 2 taxId: description: "Cardholder’s tax identification. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 45 threeDSMethodCollectedData: description: "3DS method collected data." type: "string" format: "json" threeDSMethodId: description: "Contains the 3DS server transaction ID used during the previous execution of the 3DS method. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 36 threeDSReqAuthData: description: "WL FIDO attestation/assertion data of the pass-through mode." type: "string" threeDSReqAuthMethod: description: "3DS requestor authentication method." type: "string" minLength: 2 maxLength: 2 threeDSReqAuthTimestamp: description: "Date and time in UTC of the cardholder authentication." type: "string" minLength: 12 maxLength: 12 format: "yyyyMMddHHmm" threeDSReqPriorAuthData: description: "Handle MasterCard card info request processing. When dealing with MasterCard and the subsequent transaction is recurring, equals the `dsTransID` (first recurring or \"parent\" transaction ID should be extracted from this field). In other words: if provided `network` is `MasterCard`, then the transaction ID is going to be \"extracted\" from current field. Otherwise, it should be \"retrieved\" from `threeDSReqPriorRef` field as originally intended." type: "string" examples: - "dsTransID : de8ad526-8835-4f7c-b8b9-2e38ccdf022" threeDSReqPriorAuthMethod: description: | Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor. Possible values are: - `01`: Frictionless authentication occurred by ACS; - `02`: Cardholder challenge occurred by ACS; - `03`: AVS verified; - `04`: Other issuer methods; - From `05` to `79`: Reserved for EMVCo future use (values invalid until defined by EMVCo); - From `80` to `99`: Reserved for DS use. type: "string" minLength: 2 maxLength: 2 threeDSReqPriorAuthTimestamp: description: "Date and time in UTC of the prior cardholder authentication." type: "string" minLength: 12 maxLength: 12 format: "yyyyMMddHHmm" threeDSReqPriorDsTransId: description: "3DS Reqestor Prior DS Transaction ID" type: "string" threeDSReqPriorRef: description: "This data element provides additional information to the ACS to determine the best approach for handing a request. This data element contains an ACS Transaction ID for a prior authenticated transaction (for example, the first recurring transaction that was authenticated with the cardholder)." type: "string" minLength: 36 maxLength: 36 threeDSRequestor3RIInd: description: "3DS requestor three RI indicator." type: "string" minLength: 2 maxLength: 2 threeDSRequestorAuthenticationIndicator: description: "3DS requestor authentication indicator." type: "string" maxLength: 2 examples: - "01" threeDSRequestorAuthenticationInfo: description: "3DS requestor authentication information. Cf. table A.12 (A.10 in version 2.2): 3DS Requestor Authentication Information from \"EMV 3-D Secure Protocol and Core Functions Specification v2.3.1\"." type: "string" maxLength: 20100 format: "json" threeDSRequestorChallengeInd: description: "3DS requestor challenge indicator." type: "string" minLength: 2 maxLength: 2 threeDSRequestorDecMaxTime: description: "Indicates the maximum amount of time that the 3DS requestor will wait for an ACS to provide the results of a decoupled authentication transaction, in minutes (maximum allowed: 10080)." type: "string" minLength: 1 maxLength: 5 threeDSRequestorDecReqInd: description: "3DS requestor decoupled request indicator." type: "string" minLength: 1 maxLength: 1 enum: - "Y" - "N" threeDSRequestorID: description: "3DS requestor ID." type: "string" maxLength: 35 examples: - "1111111111" threeDSRequestorName: description: "3DS requestor name." type: "string" maxLength: 40 examples: - "MyThreeDSRequestorACS3" threeDSRequestorPriorAuthenticationInfo: description: "3DS requestor prior transaction authentication information." type: "string" maxLength: 20255 threeDSRequestorSpcSupport: description: "Indicate if the 3DS requestor supports the SPC authentication. If present, this field contains the value `Y`. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" minLength: 1 maxLength: 1 enum: - "Y" threeDSRequestorURL: description: "Fully qualified URL of 3DS requestor website or customer care site. This data element provides additional information to the receiving 3-D Secure system if a problem arises and should provide contact information." type: "string" maxLength: 2048 examples: - "http://server.domainname.com" threeDSServerOperatorID: description: "3DS server operator ID." type: "string" maxLength: 32 threeDSServerRefNumber: description: "3DS server reference number." type: "string" maxLength: 32 threeDSServerTransID: description: "3DS server transaction ID." type: "string" minLength: 36 maxLength: 36 threeDSServerURL: description: "3DS server URL." type: "string" maxLength: 2048 threeRIInd: description: "Indicates the type of 3RI request." type: "string" minLength: 2 maxLength: 2 transType: description: "Transaction type." type: "string" minLength: 2 maxLength: 2 travelIndustry: description: "Travel industry message extension. An optional JSON field that must be forwarded from ACS to scoring request (if present)." type: "string" maxLength: 8059 txnActivityDay: description: "Number of transactions (successful and abandoned) for this cardholder account with the 3DS requestor across all payment accounts in the previous 24 hours." type: "string" maxLength: 3 examples: - "2" - "02" - "002" ua: description: "User agent of the customer. `browserUserAgent` in 3DS protocol." type: "string" minLength: 1 maxLength: 4000 examples: - "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" userId: description: "Browser user ID. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information." type: "string" maxLength: 64 visaData: allOf: - $ref: '#/components/schemas/VisaDataDTO' - examples: - { } visaFidoData: description: "WL FIDO on-behalf-of mode data." type: "string" whiteListStatus: description: "Whitelist status." type: "string" minLength: 1 maxLength: 1 whiteListStatusSource: description: "Whitelist status source." type: "string" minLength: 2 maxLength: 2 CurrencyDTO: description: "Currency object representing transaction payment currency." type: "object" required: - "label" - "code" properties: label: description: "Currency label." type: "string" minLength: 3 maxLength: 3 examples: - "EUR" code: description: "Currency code." type: "string" minLength: 3 maxLength: 3 examples: - "978" examples: - { "label": "USD", "code": "840" } McDataDTO: description: "MC information. Fields provided from the specifications of message extension specification published by MasterCard." type: "object" properties: mcDecision: description: "Mastercard recommendation, indicating the authentication risk of the given transaction." type: "string" minLength: 1 maxLength: 36 mcReasonCode1: description: "Mastercard reason code 1 of message extension. One character value reflecting key anchor variables related to the transaction, with A as the highest risk to Z as the most trusted reason." type: "string" minLength: 1 maxLength: 1 mcReasonCode2: description: "Mastercard reason code 2 of message extension. Currently not used." type: "string" mcScore: description: "Mastercard score between 0-950 in increments of 50, with the threshold for card testing attacks = 998." type: "integer" format: "int32" minimum: 0 maximum: 999 mcStatus: description: "Mastercard status of message extension. Indicates whether Mastercard is able to provide the authentication assessment for that transaction." type: "string" minLength: 1 maxLength: 36 NonPaymentDTO: description: "Non Payment transaction information. Mandatory if `transactionType` = \"3DSReq\" and `messageCategory` = \"02\" (or \"86\")." type: "object" required: - "xid" properties: xid: description: "Transaction XID" type: "string" minLength: 36 maxLength: 36 transactionDate: description: "Date of the transaction. Required for 02-NPA if 3DS Requestor Authentication Indicator = 02 or 03. Otherwise not provided." type: "string" minLength: 14 maxLength: 14 format: "yyyyMMddHHmmss" transactionAmount: allOf: - $ref: '#/components/schemas/AmountDTO' - description: "Amount of the transaction. Required for 02-NPA if 3DS Requestor Authentication Indicator = 02 or 03. Otherwise not provided." convertedAmount: allOf: - $ref: '#/components/schemas/AmountDTO' - description: "Amount of the transaction converted in the issuer currency. Required for 02-NPA if 3DS Requestor Authentication Indicator = 02 or 03. Otherwise not provided." cardInsertionDate: description: "The creation date of the card on APM database." type: "string" minLength: 14 maxLength: 14 format: "yyyyMMddHHmmss" cardExpiryDate: description: "The card expiry date." type: "string" minLength: 7 maxLength: 7 format: "yyyy-MM" binAcq: description: "Transaction acquiring bin." type: "string" minLength: 1 maxLength: 11 examples: - "700004" merchant: $ref: '#/components/schemas/TPPDTO' PSUDTO: description: "PSU information." type: "object" properties: cardHolderId: description: "Identifier of the cardholder." type: "string" minLength: 1 maxLength: 64 examples: - "0009481188395156414" cardHolderName: description: "Name of the cardholder." type: "string" minLength: 2 maxLength: 45 principal: $ref: '#/components/schemas/PrincipalDTO' insertionDateCardHolder: description: "Insertion date of the cardholder in ACS platform, in ISO 8601 datetime format." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" authMeans: description: "Means available for the authentication." type: "array" items: $ref: '#/components/schemas/AuthMeanDTO' language: description: "Language of the customer." type: "string" minLength: 2 maxLength: 2 format: "ISO 639-1" email: description: "Cardholder email address." type: "string" minLength: 1 maxLength: 254 homePhone: $ref: '#/components/schemas/PhoneNumberPSU' mobilePhone: $ref: '#/components/schemas/PhoneNumberPSU' workPhone: $ref: '#/components/schemas/PhoneNumberPSU' cardId: description: "Relative identifier of a card, used in scoring request since 24R1." type: "string" minLength: 1 maxLength: 36 examples: - "172eea51-c842-4834-9753-1fc55239c63d" PaymentDTO: description: "Payment transaction information. Mandatory if `transactionType` = \"3DSReq\" and `messageCategory` = \"01\" (or \"85\")." type: "object" required: - "xid" - "transactionAmount" - "convertedAmount" properties: xid: description: "Transaction XID. Contains `authentication.acsTransID`." type: "string" minLength: 36 maxLength: 36 format: "uuid" examples: - "88cb4d4c-cdd9-45c8-80d7-b39d17a037d4" transactionDate: description: "Date of the transaction." type: "string" minLength: 14 maxLength: 14 format: "yyyyMMddHHmmss" examples: - "20240705123142" transactionAmount: $ref: '#/components/schemas/AmountDTO' convertedAmount: $ref: '#/components/schemas/AmountDTO' maskedPAN: description: "Masked PAN." type: "string" examples: - "4970xxxxxxxx0601" cardInsertionDate: description: "The creation date of the card on APM database." type: "string" minLength: 14 maxLength: 14 format: "yyyyMMddHHmmss" cardExpiryDate: description: "The card expiry date." type: "string" minLength: 7 maxLength: 7 format: "yyyy-MM" examples: - "2029-02" binAcq: description: "Transaction acquiring bin." type: "string" minLength: 1 maxLength: 11 examples: - "700004" merchant: $ref: '#/components/schemas/TPPDTO' virtualCard: description: "Describes whether the transaction is initialized with a virtual card." type: "boolean" examples: - false vMaskedPan: description: "Masked PAN of the virtual card." type: "string" minLength: 8 maxLength: 16 vExpiryDate: description: "Expiry date of the virtual card." type: "string" minLength: 7 maxLength: 7 format: "yyyy-MM" PhoneNumberPSU: description: "Cardholder phone number. Field forwarded as received from EMVCo_3DS protocol." type: "object" properties: cc: description: "Country code." type: "string" minLength: 1 maxLength: 3 format: "ITU E.164" subscriber: description: "Subscriber." type: "string" minLength: 1 maxLength: 15 PrincipalDTO: description: "Principal identifier of cardholder. If `type` = \"ENCRYPTED_PAN\", the `value` must be the PAN, encrypted by the key corresponding to the request's `keyTag`." type: "object" required: - "type" - "value" properties: type: description: "Type of principal." type: "string" minLength: 1 maxLength: 50 enum: - "PAN" - "ENCRYPTED_PAN" - "TOKENPAN" value: description: "Value of the principal" type: "string" minLength: 1 maxLength: 255 examples: - { "type": "ENCRYPTED_PAN", "value": "3d6932d5dcd436f76765d5057efcbd95fe659dc67aa029abf23412902ddeea2f" } RecurringIndicatorDTO: description: | Indicates whether the recurring or instalment payment has a fixed or variable amount and frequency. The recurring indicator object contains: - The amount indicator; - The frequency indicator. Cf. EMVCo Protocol and Core Functions Specification v2.3.1 for more information. type: "object" properties: amountInd: description: | Possible values are: - `01`: Fixed purchase amount; - `02`: Variable purchase amount; - `03-79`: Reserved for EMVCo future use (values invalid until defined by EMVCo); - `80-99`: Reserved for DS use. type: "string" minLength: 2 maxLength: 2 frequencyInd: description: | Possible values are: - `01`: Fixed frequency; - `02`: Variable frequency; - `03-79`: Reserved for EMVCo future use (values invalid until defined by EMVCo); - `80-99`: Reserved for DS use. type: "string" minLength: 2 maxLength: 2 examples: - { "amountInd": "01", "frequencyInd": "02" } ScoringRequest: description: "Object used to request a scoring." type: "object" required: - "id" - "createdTime" - "transactionType" - "transactionSubType" - "platform" - "issuerCode" - "subIssuerCode" - "psu" properties: id: description: "Non-sequential identifier." type: "string" minLength: 36 maxLength: 36 format: "uuid" examples: - "90a60240-0755-4af8-9977-34f01c22a99d" createdTime: description: "Datetime computed on creation, in French locale timezone." type: "string" minLength: 14 maxLength: 14 format: "yyyyMMddHHmmss" examples: - "20240724192617" transactionType: description: | Service / use case which requests the authentication. Possible values are: - `3DSReq`: 3DS request; - `AIReq`: Account Information request; - `PIReq`: Payment Initiation request; - `PIIReq`: Payment Instrument request. For 3DS transactions, the value is `3DSReq`. type: "string" enum: - "3DSReq" - "AIReq" - "PIReq" - "PIIReq" examples: - "3DSReq" transactionSubType: description: | Refers to the subtype of the transaction (used for instance to precise if a credit transfer is recurring or single one). Depending on `transactionType`, possible values are: - For `3DSReq`: - `3DS`: 3DS. - For `AIReq`: - `AAD`: Ask Account Data; - `AAT`: Ask Account Transaction; - `AAB`: Ask Account Balance; - `AAA`: Ask Account Access. - For `PIReq`: - `CTR`: Credit Transfer Recurrent; - `CTS`: Credit Transfer Single; - `CTA`: Credit Transfer Access. - For `PIIReq`: - `FCC`: FundsCoverageCheck. For 3DS transactions, the value is `3DS`. type: "string" enum: - "3DS" - "AAD" - "AAT" - "AAB" - "AAA" - "CTR" - "CTS" - "CTA" - "FCC" examples: - "3DS" platform: description: "Technical service name of the bank in ACS." type: "string" minLength: 1 maxLength: 255 examples: - "ACS_U0T" issuerCode: description: "Issuer code." type: "string" minLength: 5 maxLength: 5 examples: - "99998" subIssuerCode: description: "Sub-issuer code." type: "string" minLength: 5 maxLength: 5 examples: - "99998" issuerName: description: "Name of the issuer bank." type: "string" maxLength: 45 examples: - "" keyTag: description: "Key indicator shared between client and server. Mandatory if at last one field is encrypted in the request." type: "string" minLength: 2 maxLength: 2 examples: - "01" iv: description: "Initialization Vector used for data encryption, sent only if IV HUB parameter is set to \"RANDOM\". String of 32 digits fo CBC, 24 digits for GCM." type: "string" minLength: 24 maxLength: 32 examples: - "52461317222085701211244775688864" psu: $ref: '#/components/schemas/PSUDTO' payment: $ref: '#/components/schemas/PaymentDTO' nonPayment: $ref: '#/components/schemas/NonPaymentDTO' context: $ref: '#/components/schemas/ContextDTO' browser: description: "Browser used by the cardholder during payment." type: "string" minLength: 1 maxLength: 50 examples: - "Chrome" freeContext: description: "Free map of key-value string pairs, for additional data." type: "object" format: "Map of strings" additionalProperties: description: "Free data." type: "string" NotificationRequest: type: "object" required: - "id" - "createdTime" - "transactionType" - "transactionSubType" - "platform" - "issuerCode" - "subIssuerCode" properties: id: description: "Non-sequential identifier." type: "string" minLength: 36 maxLength: 36 format: "uuid" examples: - "90a60240-0755-4af8-9977-34f01c22a99d" createdTime: description: "Datetime computed on creation, in French locale timezone." type: "string" minLength: 14 maxLength: 14 format: "yyyyMMddHHmmss" examples: - "20240724192617" transactionType: description: | Service / use case which requests the authentication. Possible values are: - `3DSReq`: 3DS request; - `AIReq`: Account Information request; - `PIReq`: Payment Initiation request; - `PIIReq`: Payment Instrument request. For 3DS transactions, the value is `3DSReq`. type: "string" enum: - "3DSReq" - "AIReq" - "PIReq" - "PIIReq" examples: - "3DSReq" transactionSubType: description: | Refers to the subtype of the transaction (used for instance to precise if a credit transfer is recurring or single one). Depending on `transactionType`, possible values are: - For `3DSReq`: - `3DS`: 3DS. - For `AIReq`: - `AAD`: Ask Account Data; - `AAT`: Ask Account Transaction; - `AAB`: Ask Account Balance; - `AAA`: Ask Account Access. - For `PIReq`: - `CTR`: Credit Transfer Recurrent; - `CTS`: Credit Transfer Single; - `CTA`: Credit Transfer Access. - For `PIIReq`: - `FCC`: FundsCoverageCheck. For 3DS transactions, the value is `3DS`. type: "string" enum: - "3DS" - "AAD" - "AAT" - "AAB" - "AAA" - "CTR" - "CTS" - "CTA" - "FCC" examples: - "3DS" platform: description: "Technical service name of the bank in ACS." type: "string" minLength: 1 maxLength: 255 examples: - "ACS_U0T" issuerCode: description: "Issuer code." type: "string" minLength: 5 maxLength: 5 examples: - "99998" subIssuerCode: description: "Sub-issuer code." type: "string" minLength: 5 maxLength: 5 examples: - "99998" issuerName: description: "Name of the issuer bank." type: "string" maxLength: 45 examples: - "" keyTag: description: "Key indicator shared between client and server. Mandatory if at last one field is encrypted in the request." type: "string" minLength: 2 maxLength: 2 examples: - "01" iv: description: "Initialization Vector used for data encryption, sent only if IV HUB parameter is set to \"RANDOM\". String of 32 digits fo CBC, 24 digits for GCM." type: "string" minLength: 24 maxLength: 32 examples: - "52461317222085701211244775688864" authentication: $ref: '#/components/schemas/AuthenticationDTO' blackListStatus: description: "Flag if blacklist applied." type: "boolean" examples: - false whiteListStatus: description: "Flag if whitelist applied." type: "boolean" examples: - false freeContext: description: "Free map of key-value string pairs, for additional data." type: "object" format: "Map of strings" additionalProperties: description: "Free data." type: "string" ScoringResponse: type: "object" required: - "requestId" - "date" - "authScore" properties: requestId: description: "Non-sequential identifier, as provided in the request." type: "string" minLength: 36 maxLength: 36 format: "uuid" examples: - "90a60240-0755-4af8-9977-34f01c22a99d" date: description: "Date of the response provided." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" examples: - "2024-07-24T19:26:17" authScore: description: "Risk Score." type: "integer" minimum: 0 maximum: 100 format: "int32" examples: - 20 authIndicator: description: | Strong customer authentication indicator. Possible values are: - `0`: SCA required; - `1`: No SCA required; - `2`: Decline authentication request; - `10`: SCA optional (according to risk score). type: "integer" format: "int32" examples: - 10 incriminatingHint: description: "Incriminating hint text explanation." type: "string" minLength: 0 maxLength: 2048 examples: - "" exoneratingHint: description: "Exonerating hint text explanation." type: "string" minLength: 0 maxLength: 2048 examples: - "Amount lower than 200" NotificationResponse: type: "object" required: - "requestId" properties: requestId: description: "Non-sequential identifier, as provided in the request." type: "string" minLength: 36 maxLength: 36 format: "uuid" RequestBody: type: "object" properties: Request: oneOf: - $ref: '#/components/schemas/ScoringRequest' - $ref: '#/components/schemas/NotificationRequest' ResponseBody: type: "object" properties: response: oneOf: - $ref: '#/components/schemas/ScoringResponse' - $ref: '#/components/schemas/NotificationResponse' TPPDTO: description: "Merchant information." type: "object" properties: name: description: "Name of the TPP. Optional for 02-NPA, otherwise mandatory." type: "string" minLength: 1 maxLength: 1024 examples: - "MyTestMerchantACS3" country: description: "ISO country code of the TPP. Optional for 02-NPA, otherwise Mandatory." type: "string" minLength: 3 maxLength: 3 format: "ISO 3166-1 numerical" examples: - "250" id: description: "ID of the TPP. Optional for 02-NPA, otherwise mandatory." type: "string" minLength: 1 maxLength: 255 examples: - "1111111111" url: description: "URL of the TPP. Optional for 02-NPA, otherwise mandatory." type: "string" minLength: 1 maxLength: 2048 examples: - "www.acs3TestMerchant.com" mcc: description: "Merchant Category Code. Optional for 02-NPA, otherwise mandatory." type: "string" minLength: 4 maxLength: 4 examples: - "5999" VisaDataDTO: description: "Visa Data DTO" type: "object" properties: visaScore: description: "Visa score." type: "integer" minimum: 0 maximum: 99 format: "int32" dafAdvice: description: | Possible values are: - `01`: Must approve; - `02`: Issuer decision. Cf. Visa EMV 3DS Digital Authentication Framework (DAF) Extension for more information. type: "string" minLength: 2 maxLength: 2 authPayCredStatus: description: "`Y` = DAF / others = not DAF. Cf. Visa EMV 3DS Digital Authentication Framework (DAF) Extension for more information." type: "string" minLength: 1 maxLength: 1 chAccReqID: description: "Unique account ID. Cf. Visa EMV 3DS Digital Authentication Framework (DAF) Extension for more information." type: "string" minLength: 1 maxLength: 64 authPayProcessReqInd: description: "01 = DAF transaction / 02 = credential status check per 3RI/NPA. Cf. Visa EMV 3DS Digital Authentication Framework (DAF) Extension for more information." type: "string" minLength: 2 maxLength: 2 MatchingAttack: type: object properties: type: $ref: '#/components/schemas/TypeEnum' pattern: type: object properties: BROWSER: type: string OS: type: string TRANSACTION_AMOUNT: type: string TRANSACTION_CURRENCY_CODE: type: string IP_V4: type: string IP_V6: type: string EXPIRY_DATE: type: string BINRANGE: type: string THREEDSREQUESTORAPPURL: type: string PRINCIPAL: type: string DEVICE_CHANNEL: type: string description: Pattern of the attack alert matching the transaction. description: Attack alert matching the transaction. TypeEnum: type: string description: Type of the attack alert. enum: - BIN